
Audit Highlights

The following are highlights of our work during the October 1, 2017–March 31, 2018, semiannual reporting period.

Audits, Evaluations, and Inspections

The Board's Information Security Program
The Board has taken several steps to mature its information security program to ensure that it is consistent with Federal Information Security Modernization Act of 2014 (FISMA) requirements. However, the Board's information security program needs several improvements in the areas of risk management, information technology services centralization, configuration management, and information security continuous monitoring.

Leadership and Management Best Practices on Encouraging Divergent Views
We issued our first OIG Insights paper, based on an evaluation we conducted regarding employees' willingness to share their views about large financial institution supervision activities. We identified widely applicable best practices that leaders can follow to increase employees' willingness to share their views. These best practices include soliciting viewpoints regularly, modeling a willingness to challenge up the chain of command, recognizing employees who speak up, explaining the rationale for decisions, and acknowledging their own mistakes.

The Board's Organizational Governance System
The Board's core organizational governance structure aligns with benchmark institutions and selected governance principles, as does its public disclosure of governance documents. Nonetheless, the Board can strengthen its governance system to enable it to more effectively and efficiently achieve its objectives.

The Failure of Allied Bank
The Board can improve supervisory processes by clarifying when Federal Reserve Banks should report suspicious activity detected during bank examination activities to law enforcement officials and enhance communication between the Board's Legal Division and the Reserve Banks following requests for an enforcement action.

The CFPB's Information Security Program
The CFPB has taken several steps to mature its information security program to ensure that it is consistent with FISMA requirements. However, the CFPB's information security program needs several improvements in the areas of enterprise risk management, configuration monitoring, multifactor authentication, security awareness and training, and incident response and contingency planning.

The CFPB's Offboarding Processes and Data
The CFPB has offboarding controls related to conflicts of interest for executive employees' postemployment restrictions; however, the CFPB has opportunities to strengthen controls related to other components of the employee offboarding process.
